<?php session_start();
if (!isset($_SESSION['id_user']) || $_SESSION['id_user']=='') {
	$url="/index.php?msg=0"; 
	echo "<SCRIPT>window.location='$url';</SCRIPT>"; 
}

if (!is_object($bd)){	
	//me conecto a la base de datos
	require($_SERVER['DOCUMENT_ROOT']."/globals/Db.class.php");
	require($_SERVER['DOCUMENT_ROOT']."/globals/Conf.class.php");
	$bd=Db::getInstance();	
}

$id_user = $_SESSION["id_user"];
$password = $bd->san($_POST["password"]);
$password = substr(sha1($password), 0, 20);


$result = $bd->eje("SELECT password, id FROM usuarios WHERE password = '$password' and id = $id_user");
$num_rows = $bd->numRows($result);
$string_to_return = "";
if($num_rows > 0){
	//la password está bien porque encontró el usuario y password
	$string_to_return = "<img id='img_status_pass' src='../images/ok.png' width='20' height='20' /><span class='letra12' style='color:green'> Ok... </span>";	
}else{
	//la password no es la correcta
	$string_to_return = "<img id='img_status_pass' src='../images/nok.png' width='20' height='20'/><span class='letra12' style='color:red'> Pusiste mal tu password... </span>";
}
echo($string_to_return);
?>
